US11533296B2 · Active · Utility · PatentIndex 62
Testing and remediating compliance controls
Est. expiry: Sep 1, 2037 (~11.2 yrs left) · nominal 20-yr term from priority
Inventors: ADAM CONSTANTIN MIRCEA; COHEN RICHARD JAY; FILEPP ROBERT; HERNANDEZ MILTON H; PETERSON BRIAN; VUKOVIC MAJA; ZENG SAI; ZHANG GUAN QUN; AGRAWAL BHAVNA
CPC: H04L 63/20; G06F 21/577; H04L 63/0263; G06F 9/30003
PatentIndex Score: 62 · Cited by: 0 · References: 23 · Claims: 19
Abstract
Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.
Claims
What is claimed is:
1. A system, comprising:
a memory that stores computer executable components; and
a processor that executes the computer executable components stored in the memory, wherein the computer executable components comprise:
an execution component that:
determines a policy that applies to an endpoint device based on an operating environment associated with the endpoint device and a profile, wherein the profile comprises a defined set of behaviors and attribute values that can be input into scripts;
based on compliance data, received from an entity, associated with a compliance rule of the endpoint device, scans the endpoint device for an indication of a violation of the compliance rule associated with the policy;
in response to the indication of the endpoint device being non-compliant and thereby exhibiting the violation, facilitates execution of a script associated with the violation at the endpoint device, resulting in a remediation associated with the violation at the endpoint device; and
determines and facilitates display of data regarding which parameter is non-compliant, a value associated with the non-compliant parameter, and what value the parameter should be set to for the endpoint device to become compliant; and
a process manager component that:
receives, from the endpoint device, a non-compliance exception request based on a determination that the endpoint device is non-compliant;
accesses a rule database to determine when a previous non-compliance exception request has been granted for the policy;
in response to a determination that the previous non-compliance exception request has been granted, generates an available override and one or more values to set for attributes of the policy, and stores the one or more values in the endpoint device; and
in response to a determination that the previous non-compliance exception request has not been granted, removes the endpoint device from a system with which the endpoint device is associated.
2. The system of claim 1, wherein the computer executable components further comprise:
a compliance component that transmits report data associated with a remediation compliance database in response to the remediation, wherein the report data is formatted according to a defined format.
3. The system of claim 2, wherein the report data comprises a value associated with the violation of the compliance rule and the operating environment is one of a test environment, a production environment, or a development environment.
4. The system of claim 1, wherein the process manager component:
communicates, to the endpoint device, the determination regarding whether to grant the non-compliance exception request or to not grant the non-compliance exception request.
5. The system of claim 4, wherein the process manager component also accesses the rule database to determine if a second endpoint device has been granted a non-compliance exception request for the policy.
6. The system of claim 1, wherein the indication is a first indication, and wherein the execution component receives a second indication associated with a current state of the endpoint device.
7. The system of claim 6, wherein the second indication comprises non-compliance data representative of the endpoint device being determined to be non-compliant with the compliance rule.
8. The system of claim 1, wherein the compliance data is first compliance data, and wherein the execution component transmits second compliance data comprising a command for prompting the endpoint device to be compliant with the compliance rule of an entity device.
9. The system of claim 1, wherein the process manager component also accesses the rule database to determine if a second endpoint device has been granted a non-compliance exception request for the policy.
10. The system of claim 1, wherein the process manager component also accesses the rule database to determine if the endpoint device has any other pending or approved exception requests, wherein the previous non-compliance exception request was received prior to the non-compliance exception request.
11. A computer program product that facilitates compliance control remediation, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to:
determine, by the processor, a policy that applies to an endpoint device based on an operating environment associated with the endpoint device and a profile, wherein the profile comprises a defined set of behaviors and attribute values that can be input into scripts;
based on compliance data, received from an entity and associated with a compliance rule of the endpoint device, scan, by the processor, the endpoint device for an indication of a violation of the compliance rule associated with the policy;
in response to the indication of the endpoint device being non-compliant and thereby exhibiting the violation, execute, by the processor, a script associated with the violation at the endpoint device, resulting in a remediation associated with the violation at the endpoint device;
based on a security failure resulting in a violation indicating the non-compliance with the policy, receive, by the processor, a non-compliance exception request requesting an exception to the policy;
access, by the processor, a rule database to determine when a previous non-compliance exception request has been granted for the policy;
in response to a determination that the previous non-compliance exception request has been granted, generate, by the processor, an available override and one or more values to set for attributes of the policy, and store, by the processor, the one or more values in the endpoint device; and
in response to a determination that the previous non-compliance exception request has not been granted, remove, by the processor, the endpoint device from a system with which the endpoint device is associated.
12. The computer program product of claim 11, wherein the program instructions are further executable by the processor to cause the processor to:
in response to the remediation, transmit, by the processor, report data associated with a remediation compliance database, wherein the report data is formatted according to a defined format.
13. The computer program product of claim 12, wherein the report data comprises a value associated with the violation of the compliance rule and the operating environment is one of a test environment, a production environment, or a development environment.
14. The computer program product of claim 11, wherein the indication is a first indication, and wherein the program instructions are further executable by the processor to cause the processor to:
receive, by the processor, a second indication associated with a current state of the endpoint device.
15. The computer program product of claim 14, wherein the second indication comprises non-compliance data representative of the endpoint device being determined to be non-compliant with the compliance rule.
16. The computer program product of claim 11, wherein the compliance data is first compliance data, and wherein the program instructions are further executable by the processor to cause the processor to:
in response to the remediation, transmit to an entity device, by the processor, second compliance data comprising a command for prompting the endpoint device to be compliant with the compliance rule.
17. A computer program product that facilitates compliance control remediation, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to:
employ, by the processor, one or more wrapper rules to determine which one or more compliance rules to execute for an endpoint device based on a client endpoint device configuration, wherein the employing the one or more wrapper rules comprises comprising:
based on the discovered configuration and a user configurable attribute, specifying which of one or more compliance rules to execute via a defined policy map attribute for the one or more wrapper rules and executing a condition in one or more of the wrappers to provide the benefit of compliance by default;
based on compliance data, received from an entity, associated with a compliance rule of the one or more compliance rules of an endpoint device, scan, by the processor, the endpoint device for an indication of a violation of the compliance rule;
in response to the indication of the endpoint device being non-compliant and thereby exhibiting the violation, facilitate, by the processor, execution of a script associated with the violation at the endpoint device, resulting in a remediation associated with the violation at the endpoint device;
receive, by the processor, an exception request from the endpoint device, wherein the exception request is related to an exception to the compliance rule;
determine, by the processor, whether to uninstall the script associated with the violation at the endpoint device to facilitate continuous compliance;
determine, by the processor, whether to remove a user account on the endpoint device based on discovery of the indication of the endpoint device being non-compliant; and
determine, by the processor, whether to remove the endpoint device from a system with which the endpoint device is associated based on discovery of the indication of the endpoint device being non-compliant.
18. The computer program product of claim 17, wherein the program instructions are further executable by the processor to cause the processor to:
in response to receiving the exception request from the endpoint device, approve, by the processor, the exception to the compliance rule for the endpoint device.
19. The computer program product of claim 17, wherein the employing one or more wrapper rules further comprises:
discovering software for which a policy exists by executing discovery and saving the discovered state prior to compliance rule enforcement.
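The claim-1 flow (policy selection by operating environment and profile, a scan that reports the non-compliant parameter with its current and required values, scripted remediation, and the process manager's exception path against a rule database that ends in an override or in removal of the endpoint), sketched in Python as an added illustration. This is not the patentee's code; every policy, parameter, script and endpoint value in it is constructed, and keying the rule database by (policy, parameter) is an assumption this sketch makes.

```python
"""Toy model of the claim-1 workflow: policy selection by operating environment
and profile, a scan that reports the non-compliant parameter with its current and
required values, script-driven remediation, and the process manager's exception
path. All names, policies and values are constructed for this illustration."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass
class Policy:
    name: str
    required: Dict[str, object]                      # parameter -> value it must hold
    scripts: Dict[str, Callable[[dict], None]]       # parameter -> remediation script

def set_screen_lock(endpoint: dict) -> None:
    """Constructed remediation script for the screen-lock parameter."""
    endpoint["screen_lock_sec"] = 300

# Constructed policy map keyed by (operating environment, profile).
POLICIES = {
    ("production", "workstation"): Policy(
        "prod-workstation",
        {"disk_encryption": "on", "screen_lock_sec": 300},
        {"screen_lock_sec": set_screen_lock}),
}

# Constructed rule database: (policy, parameter) pairs with a previously granted exception.
GRANTED_EXCEPTIONS = {("prod-workstation", "disk_encryption")}

def select_policy(environment: str, profile: str) -> Policy:
    return POLICIES[(environment, profile)]

def scan(endpoint: dict, policy: Policy) -> List[Tuple[str, object, object]]:
    """Return (parameter, current value, required value) for each violation."""
    return [(p, endpoint.get(p), v) for p, v in policy.required.items() if endpoint.get(p) != v]

def remediate(endpoint: dict, policy: Policy) -> List[str]:
    """Run the script tied to each violation; return parameters still non-compliant."""
    for param, _current, _required in scan(endpoint, policy):
        if param in policy.scripts:
            policy.scripts[param](endpoint)
    return [param for param, _c, _r in scan(endpoint, policy)]

def handle_exception_request(policy: Policy, param: str, fleet: dict, endpoint_id: str) -> str:
    """Process manager: if the rule database shows a prior exception for this policy,
    record an override on the endpoint; otherwise remove the endpoint from the fleet."""
    if (policy.name, param) in GRANTED_EXCEPTIONS:
        fleet[endpoint_id]["override"] = {param: fleet[endpoint_id].get(param)}
        return "override"
    del fleet[endpoint_id]
    return "removed"
```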